@eigenpal/docx-editor-agents
Agent-friendly API for DOCX document review — read, comment, propose changes, accept/reject tracked changes
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/headless-JZRG6TNP.js | AI (source-diff): Standard vite/tsup minified bundle; exports are readable docx-editor symbols, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/headless-VE2YU7ZB.js | AI (source-diff): Standard bundler minification output; sample shows normal CJS re-export pattern, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/headless-ULW7Q5F4.js | AI (source-diff): Standard Vite/tsup minified bundle output; readable symbol names confirm no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/vue.js | AI (source-diff): Standard Vite minified Vue component bundle; content is clearly readable UI code. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major version adding Vue UI subpackage; large file count is expected for this scope expansion. | ai | |
| source-diff | obfuscated-file:dist/headless-FE3K7ABO.js | AI (source-diff): Standard tsup/rollup bundle with named re-exports; not obfuscated, just minified chunk output. | ai | |
| source-diff | obfuscated-file:dist/headless-HPEK5EWV.js | AI (source-diff): Standard tsup/rollup bundle with readable re-exports; minified line length is expected for this build toolchain. | ai | |
| source-diff | obfuscated-file:dist/headless-SJ66VOJQ.js | AI (source-diff): Standard tsup/rollup minified bundle output; sample shows only re-exported named symbols, no malicious patterns. | ai | |
| provenance | no-provenance | AI (provenance): No provenance is common (~88% of npm); no other risk signals elevate this for this package. | ai | |
| source-diff | obfuscated-file:dist/headless-B7TGKW6I.js | AI (source-diff): Standard tsup/rollup bundle with minified names; sample shows CJS re-export boilerplate, not obfuscation. | ai |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 1.0.2 | 4 / 7 | |
| 1.0.1 | 4 / 7 | |
| 0.5.1 | 4 / 1 | |
| 0.5.0 | 4 / 1 | |
| 0.4.3 | 4 / 1 | |
| 0.4.2 | 4 / 1 | |
| 0.4.1 | 4 / 1 | |
| 0.4.0 | 4 / 1 | |
| 0.3.1 | 4 / 1 | |
| 0.3.0 | 4 / 1 | |
| 0.2.0 | 4 / 1 | |
| 0.1.1 | 4 / 0 | |
| 0.1.0 | 4 / 0 | |
| 0.0.35 | 4 / 0 | |
| 0.0.34 | 4 / 0 | |
| 0.0.33 | 4 / 0 | |
| 0.0.32 | 4 / 0 | |
| 0.0.31 | 4 / 0 | |
| 0.0.30 | 4 / 0 | |
| 0.0.29 | 1 / 0 | |
| 0.0.28 | 1 / 0 |
v1.0.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.35
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.32
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.31
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.